Tag: windows

APT37 Deploys New Rust and Python Malware Targeting Windows Systems

Sep 9, 2025 10:08 AM

Tags: cyber, group, malware, north-korea, rust, threat, warfare, windows

The North Korean-aligned threat group APT37, also known as ScarCruft, Ruby Sleet, and Velvet Chollima, has evolved its cyber warfare capabilities by deploying sophisticated Rust and Python-based malware in recent campaigns targeting Windows systems. Active since 2012, this advanced persistent threat group continues to focus on South Korean individuals connected to the North Korean regime…
Exploit-Analyse von Kaspersky – Die beliebtesten Windows- und Linux-Schwachstellen

Sep 9, 2025 8:08 AM

Tags: exploit, kaspersky, linux, vulnerability, windows

First seen on security-insider.de Jump to article: www.security-insider.de/steigende-cyberangriffe-windows-linux-schwachstellen-kaspersky-warnung-a-4ffbb12393a1344c6e1b989d1a7fea68/
Exploit-Analyse von Kaspersky – Die beliebtesten Windows- und Linux-Schwachstellen

Sep 9, 2025 8:08 AM

Tags: exploit, kaspersky, linux, vulnerability, windows

First seen on security-insider.de Jump to article: www.security-insider.de/steigende-cyberangriffe-windows-linux-schwachstellen-kaspersky-warnung-a-4ffbb12393a1344c6e1b989d1a7fea68/
Hackers Promote Gambling Websites With SEO Poisoning

Sep 9, 2025 1:08 AM

Tags: china, cybercrime, fraud, group, hacker, malware, windows

GhostRedirector Compromising Windows Servers in Brazil, Thailand and Vietnam. A suspected Chinese cybercrime group is deploying custom malware to compromise Windows servers in Brazil, Thailand, Portugal and Vietnam as part of search engine optimization fraud to promote gambling websites. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-promote-gambling-websites-seo-poisoning-a-29389
‘MostereRAT’ Malware Blends In, Blocks Security Tools

Sep 9, 2025 12:08 AM

Tags: access, edr, malware, threat, tool, windows

A threat actor is using a sophisticated EDR-killing malware tool in a campaign to maintain long-term, persistent access on Windows systems. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/mostererat-blocks-security-tools
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access

Sep 8, 2025 5:08 PM

Tags: access, hacker, malware, phishing, tactics, windows

MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity… First seen on hackread.com Jump to article: hackread.com/mostererat-windows-anydesk-tightvnc-access/
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access

Sep 8, 2025 5:08 PM

Tags: access, hacker, malware, phishing, tactics, windows

MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity… First seen on hackread.com Jump to article: hackread.com/mostererat-windows-anydesk-tightvnc-access/
MostereRAT Targets Windows Users With Stealth Tactics

Sep 8, 2025 5:08 PM

Tags: phishing, tactics, windows

Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rat-targets-windows-users-stealth/
Using Programmable Tokens for Secure Windows Login

Sep 7, 2025 12:20 PM

Tags: Hardware, login, mfa, windows

Enhance Windows security using programmable tokens for multi-factor authentication. Learn how to set up and use hardware tokens for a more secure login process. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/using-programmable-tokens-for-secure-windows-login/
(g+) Cloud: Windows 365 als PC – taugt das was?

Sep 7, 2025 10:20 AM

Tags: cloud, windows

Windows 365 ist wie Strom aus der Steckdose statt eines eigenen Generators. Was IT-Entscheider über die vielen Vor- und Nachteile wissen müssen. First seen on golem.de Jump to article: www.golem.de/news/cloud-windows-365-als-pc-taugt-das-was-2509-199832.html
GhostRedirector: Hacker manipulieren Google-Suchergebnisse

Sep 7, 2025 6:20 AM

Tags: google, hacker, tool, windows

Eine neu entdeckte Hackergruppe missbraucht weltweit Windows-Server für SEO-Betrug. Mit zwei eigens entwickelten Tools bringen die Angreifer zwielichtige Websites in Google-Suchergebnissen nach oben monatelang unentdeckt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ghostredirector-google
Windows starts asking for admin rights where it shouldn’t after security fix

Sep 6, 2025 1:20 PM

Tags: update, windows

Patch closes vuln but leaves standard users locked out of common apps First seen on theregister.com Jump to article: www.theregister.com/2025/09/04/windows_admin_rights_bug/
Schonfrist für Windows 10: Wie du den Support bis Oktober 2026 verlängern kannst

Sep 6, 2025 6:20 AM

Tags: windows

First seen on t3n.de Jump to article: t3n.de/news/schonfrist-fuer-windows-10-1700273/
Firefox 115 ESR: Windows 7/8.1-Support bis März 2026

Sep 6, 2025 1:20 AM

Tags: browser, windows

Der Mozilla Firefox 115 ESR läuft unter Windows 7 / 8.1 und befindet sich seit länger Zeit im erweiterten Support. Bisher war bekannt, dass die Entwickler diese Browser-Version bis zum September 2025 unterstützen möchten. Nun haben die Mozilla-Entwickler bestätigt, dass … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/06/firefox-115-esr-windows-7-8-1-support-bis-maerz-2026/
Raw Disk Reads: The EDR Blind Spot Threat Actors Love

Sep 5, 2025 8:20 PM

Tags: credentials, edr, threat, windows

Attackers use raw disk reads to evade EDR and steal Windows credential files, exposing a major blind spot in enterprise defenses. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/edr-blind-spots-workday/
You should be aware of these latest social engineering trends

Sep 5, 2025 4:20 PM

Tags: access, attack, authentication, awareness, breach, control, cyber, cybercrime, cybersecurity, data, email, exploit, group, hacker, login, mfa, microsoft, network, phone, radius, risk, service, social-engineering, strategy, tool, vulnerability, windows

It’s raining (phishing) emails: Unlike other attacks in the cybersecurity landscape, social engineering does not focus on exploiting vulnerabilities in code or network architecture. Instead, it exploits human behavior, which is often the weakest link in the security chain. And stress on an already busy day is an extremely effective trigger.The following examples show how…
You should be aware of these latest social engineering trends

Sep 5, 2025 4:20 PM

Tags: access, attack, authentication, awareness, breach, control, cyber, cybercrime, cybersecurity, data, email, exploit, group, hacker, login, mfa, microsoft, network, phone, radius, risk, service, social-engineering, strategy, tool, vulnerability, windows

It’s raining (phishing) emails: Unlike other attacks in the cybersecurity landscape, social engineering does not focus on exploiting vulnerabilities in code or network architecture. Instead, it exploits human behavior, which is often the weakest link in the security chain. And stress on an already busy day is an extremely effective trigger.The following examples show how…
‘SEO fraud-as-a-service’ scheme hijacks Windows servers to promote gambling websites

Sep 5, 2025 2:20 PM

Tags: fraud, malware, service, windows

A malware campaign dubbed GhostRedirector by researchers at ESET attempts to compromise websites to drive traffic to gambling sites. First seen on therecord.media Jump to article: therecord.media/seo-scheme-windows-malware-gambling-sites-ghostredirector
‘SEO fraud-as-a-service’ scheme hijacks Windows servers to promote gambling websites

Sep 5, 2025 2:20 PM

Tags: fraud, malware, service, windows

A malware campaign dubbed GhostRedirector by researchers at ESET attempts to compromise websites to drive traffic to gambling sites. First seen on therecord.media Jump to article: therecord.media/seo-scheme-windows-malware-gambling-sites-ghostredirector
‘SEO fraud-as-a-service’ scheme hijacks Windows servers to promote gambling websites

Sep 5, 2025 2:20 PM

Tags: fraud, malware, service, windows

A malware campaign dubbed GhostRedirector by researchers at ESET attempts to compromise websites to drive traffic to gambling sites. First seen on therecord.media Jump to article: therecord.media/seo-scheme-windows-malware-gambling-sites-ghostredirector
Supportende: Windows-10-Updates kosten Unternehmen künftig Milliarden

Sep 5, 2025 1:20 PM

Tags: microsoft, update, windows

Analysten schätzen, dass Microsoft mit ESU-Lizenzen für Windows 10 allein im ersten Jahr mehr als 6 Milliarden Euro einnimmt. First seen on golem.de Jump to article: www.golem.de/news/supportende-windows-10-updates-kosten-unternehmen-kuenftig-milliarden-2509-199822.html
New Malware Exploits Windows Character Map to Evade Defender and Mine Crypto

Sep 5, 2025 12:20 PM

Tags: antivirus, attack, crypto, cyber, exploit, malware, windows

A sophisticated cryptojacking campaign that hijacks Windows’ native Character Map utility (“charmap.exe”) to evade Windows Defender and covertly mine cryptocurrency on compromised machines. First detected in late August 2025, this attack exploits legitimate system binaries to load a custom cryptomining payload directly into memory, thwarting traditional antivirus signatures and curtailing forensic artifacts. Security researchers have…
Neue Hacker-Gruppe GhostRedirector vergiftet Windows-Server

Sep 5, 2025 10:20 AM

Tags: backdoor, google, hacker, windows

ESET Forscher haben eine neue Hackergruppe identifiziert, dieWindows-Server mit einer passiven C++-Backdoor und einem bösartigen IIS-Modul angreift. Ihr Ziel: die Manipulation von Google-Suchergebnissen First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/neue-hacker-gruppe-ghostredirector-vergiftet-windows-server/
Hackers Exploit Raw Disk Reads to Evade EDR and Steal Sensitive Files

Sep 5, 2025 9:19 AM

Tags: access, cyber, detection, edr, endpoint, exploit, hacker, Hardware, tool, windows

Attackers can bypass Endpoint Detection and Response (EDR) tools and file locks by reading raw disk sectors directly, highlighting the urgent need for organizations to audit and secure the drivers installed on their Windows systems. In modern Windows environments, drivers provide low-level access to hardware and disk functions. A recent investigation by Workday’s Offensive Security…
NightshadeC2 Botnet Exploits ‘UAC Prompt Bombing’ to Evade Windows Defender

Sep 5, 2025 9:19 AM

Tags: access, botnet, credentials, cyber, endpoint, exploit, malware, theft, threat, windows

A sophisticated new botnet called NightshadeC2 that employs an innovative >>UAC Prompt Bombing
Windows Heap Buffer Overflow Vulnerability Allows Attackers to Gain Elevated Privileges

Sep 5, 2025 8:20 AM

Tags: control, cyber, flaw, microsoft, service, vulnerability, windows

A critical security vulnerability has been discovered in Microsoft Windows systems that allows attackers to escalate their privileges and potentially gain complete control over affected machines. The vulnerability, designatedCVE-2025-53149, affects the Kernel Streaming WOW Thunk Service Driver and was patched by Microsoft in August 2025. Vulnerability Overview The security flaw is a heap-based buffer overflow located in…
Windows Heap Buffer Overflow Vulnerability Allows Attackers to Gain Elevated Privileges

Sep 5, 2025 8:20 AM

Tags: control, cyber, flaw, microsoft, service, vulnerability, windows

A critical security vulnerability has been discovered in Microsoft Windows systems that allows attackers to escalate their privileges and potentially gain complete control over affected machines. The vulnerability, designatedCVE-2025-53149, affects the Kernel Streaming WOW Thunk Service Driver and was patched by Microsoft in August 2025. Vulnerability Overview The security flaw is a heap-based buffer overflow located in…